
HP-UX Whitelisting

Overview

HP-UX Whitelisting (WLI) offers file and system resource protection based on RSA encryption technology on HP Integrity servers running HP-UX 11i v3. WLI is complementary to the traditional UNIX discretionary access controls (DAC) based on user, group, and file permissions. The more granular DAC access control list (ACL) permissions available on VxFS and HFS file systems are likewise not affected.

WLI is also complementary to other HP-UX security mechanisms such as Role-Based Access Control (RBAC) and Compartments. HP-UX RBAC, based on role assignment to users, provides services that allow non-root users to perform tasks requiring root user privilege. HP-UX Compartments restrict user applications by limiting their access to resources not configured within specific compartments.

In contrast to user file ownership and user role assignment, WLI file and resource access is based on RSA key ownership. RSA keys are instrumental in granting resource access privileges, referred to as capabilities in WLI literature, and assigning file access policies. With WLI enforcement in effect, file and resource access is associated with RSA keys and user ID is not a factor. WLI restrictions on file and resource access apply equally to root and non-root users.

WLI maintains a database that recognizes two types of RSA keys. User keys can assign file access policies and sign binary executables for inclusion in file access policies. Administrator keys have the authority of user keys, plus authority to add user and administrator key recognition to the WLI database, allow access to restricted resources, and set WLI configuration attributes. A set of commands is provided that execute only for keys recognized by the WLI database. A subset of these commands requires administrator key recognition to execute.

WLI relies on HP-UX OpenSSL for RSA key generation. WLI requires that private keys are passphrase protected. The key owner is responsible for safely storing private keys and changing passphrases. WLI does not retain private key location or passphrase information. Key recognition and signature verification are accomplished by retrieving public keys and their relationships from the WLI database during run-time operations.

WLI contains the following:

  • A statically linked kernel component for generating and enforcing file access policies and resource restrictions.
  • User commands for specifying file access policies and signing binary executables for inclusion in file access policies. User commands require an authorized user key for execution.
  • Administrator commands for authorizing user and administrator keys, granting resource access privileges, and setting configuration attributes. Administrator commands require an authorized administrator key to execute.
  • A set of manpages providing a WLI overview, and descriptions of WLI commands and configuration files.
  • A shared library, libwliapi.so, which provides programmable functions for creating, deleting, and verifying access on WLI file access policies.

Features and benefits

File access policies

WLI restricts access to files residing on VxFS (aka JFS), HFS, and NFS file systems through file access policies. Both WLI user and administrator keys can authorize generation of file access policies. Enforcement of file access policies can be enabled or disabled only through administrator keys. WLI grants file access only to executables that meet policy requirements, regardless of user ID. WLI provides the following policy types:

  • File Lock Access Control (FLAC) - Read access is allowed and write access is denied to all executables. A FLAC-protected regular file cannot be modified, deleted, or renamed within the directory where it resides. Content of a FLAC-protected directory cannot be modified and files immediately under the directory cannot be modified, but files residing in subdirectories are not affected.

  • Identity Based Access Control (IBAC) - Identity of a binary executable is imparted by signing with private keys recognized by WLI. The signature uniquely identifies the binary as an authorized executable. An IBAC policy permits an authorized executable to access the IBAC-protected file. A file can have multiple IBAC policies, each permitting access to a different authorized executable.

WLI policy enforcement precedes enforcement of DAC permissions. If WLI permits file access, DAC permissions are still in effect.
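The decision order described in this section can be sketched as a small model. This is an added illustration, not HP code or the WLI kernel component; the function names, the string labels standing in for verified RSA signatures, and the sample DAC rule are assumptions.

```python
import posixpath

MODIFYING = {"write", "delete", "rename"}

def flac_denies(path, op, flac_paths):
    """FLAC denies modification of a protected path and, for a protected
    directory, of entries immediately under it; deeper files are unaffected."""
    if op not in MODIFYING:
        return False                      # FLAC always allows read access
    return path in flac_paths or posixpath.dirname(path) in flac_paths

def ibac_denies(path, exe_id, ibac_policies):
    """IBAC admits only executables whose signed identity is listed for the file."""
    allowed = ibac_policies.get(path)
    return allowed is not None and exe_id not in allowed

def check_access(path, op, exe_id, uid, flac_paths, ibac_policies, dac_permits):
    """WLI is evaluated first and never looks at uid; DAC still applies afterwards."""
    path = posixpath.normpath(path)
    if flac_denies(path, op, flac_paths) or ibac_denies(path, exe_id, ibac_policies):
        return "denied by WLI"
    if not dac_permits(uid, path, op):
        return "denied by DAC"
    return "granted"

# Constructed sample policies: one FLAC-protected directory, one IBAC-protected file.
FLAC = {"/etc/app"}
IBAC = {"/data/ledger.db": {"signed:ledgerd"}}

def sample_dac(uid, path, op):
    # Assumption for the example: root passes DAC, everyone else is read-only.
    return uid == 0 or op == "read"

if __name__ == "__main__":
    cases = [
        ("/etc/app/app.conf", "write", "unsigned:vi", 0),       # root blocked by FLAC
        ("/etc/app/sub/x.conf", "write", "unsigned:vi", 0),     # subdirectory not covered
        ("/data/ledger.db", "read", "unsigned:cat", 0),         # root blocked by IBAC
        ("/data/ledger.db", "write", "signed:ledgerd", 1000),   # WLI passes, DAC denies
    ]
    for path, op, exe, uid in cases:
        print(path, op, exe, uid, "->",
              check_access(path, op, exe, uid, FLAC, IBAC, sample_dac))
```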

Capabilities

WLI restricts access to certain system resources considered to be security risks. Access to these restricted resources is controlled through WLI administrator keys. An administrator key has the ability to allow access to a restricted resource by granting the capability pertaining to the resource. A capability can be granted to any user or administrator key, or a WLI-signed binary executable.

When a capability is granted to a key, the key can be used to grant the capability to an arbitrary command executing as a child process of a WLI command. The private key and its passphrase are then required to invoke the signed executable and access the restricted resource.

When a capability is granted to a WLI-signed executable, the executable has the capability whenever it is invoked. This permits any user to access the protected resource through the signed executable.

For the initial WLI release, capabilities are:

  • mem - Permits access to memory image files /dev/mem and /dev/kmem.

  • dlkm - Permits a Dynamically Loadable Kernel Module (DLKM) to be loaded.

  • wmd - Permits access to WLI metadata. WLI metadata stores policy and signature information.

  • api - Permits access to libwliapi.so, the shared library providing functions for managing WLI file access policies.

Documentation

The following document is available at http://www.hp.com/go/hpux-security-docs:

HP-UX Whitelisting A.01.02 Administrator Guide

Also, see the following HP-UX Whitelisting manpages:

  • wli(5)
  • wliadm(1M)
  • wlisys(1M)
  • wlisyspolicy(1M)
  • wlicert(1M)
  • wlipolicy(1)
  • wlisign(1)
  • wlitool(1)
  • wlixfr(1)
  • wliwrap(1)
  • libwliapi(3)
  • wlisys.conf(4)
  • wlisyspolicy.conf(4)
  • wlicert.conf(4)

Additional product information

Product #: WhiteListInf
Version: 01.02.02
Software specification: HP-UX Whitelisting V1.2 for HP-UX 11i v3 at level B.11.31.0909 or later (WhiteListInf_A.01.02.02_HP-UX_B.11.31_IA.depot)
HP-UX WhiteListInf (WhiteListInf_A.01.01.07_HP-UX_B.11.31_IA.depot)